Viruses & Worms
ANAND KUMAR MISHRA
A Couple of Definitions:
• A computer virus is a computer program
that can copy itself and infect a computer
without permission or knowledge of the
user.
• “a program that replicates by “infecting”
other programs, so that they contain a
copy of the virus”
How
• Viral code is attached or “inserted” into the
order of execution so that when the
legitimate code is run the viral code is also
run or run instead of the legitimate code.
• May be “tacked” on to the end of an
executable file or inserted into unused
program space.
• Legitimate code must be modified so that
the viral code is branched/vectored to.
Most viruses:
• Do not damage the original program or
damage the hardware
– May damage data files
– “trash” firmware
– Mess up boot records
• But, some do
• For this reason most can be cleaned up
with anti-virus software.
The Normal Virus works like this:
• User calls for a legitimate program
• The virus code, having inserted itself in
the order of execution, executes instead or
in addition to the legitimate program.
• The virus code terminates and returns
control to the legitimate program
“In The Wild”
• A virus is said to be “in the wild” when it
has either escaped or been released from
its controlled or development environment
to the general population.
• For a virus to be considered In the Wild, it
must be spreading as a result of normal
day-to-day operations on and between the
computers of unsuspecting users.
The Wildlist
• http://wildlist.org is an organization that
maintains a list of “in the wild” viruses
• According to wildlist.org:
– To be considered “in the wild” a virus must be
reported by two or more virus professionals
who report to the Wildlist Organization
• Must also be accompanied by replicated samples
• This strictness ensures that Wildlist viruses
are definitely out there doing damage.
How they work:
Basic structure:
{
look for one or more infectable objects
if (none found)
exit
else
infect object
}
Doesn’t remain in memory, but executes all of the viral code at once
then returns control to the infected program
Memory Resident Viruses
• Virus that installs itself into memory and
stays there after the host program
terminates so it can infect other programs
that come along.
• Boot sector infectors work this way
Major Components of Viruses
• Infection code
– This is the part that locates an infectable object
(previous snippet)
• Payload
– Any operation that any other program can do but is
usually something meant to be irritating or possibly
destructive.
• Trigger
– Whatever sets it off, time-of-day, program execution
by user.
Classifications:
• Boot Sector infectors
• File infectors
• Multipartite viruses
• Macro viruses
• Scripting viruses
• Other
Boot Sector infectors
• Used to be really popular, but with fewer people using floppy
disks they are becoming rare
• Hard to write, so other methods like scripting and macro
viruses are more popular
• First sector on hard drive partition (first sector on floppy) is
Master Boot record, contains info about the drive and the
bootstrap loader.
• If MBR can be messed up then when boot tries to get drive
info from MBR for CMOS it won’t be able to boot up.
• May keep a copy of MBR around in case other programs
need to use info (makes it easier to disinfect)
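
Because a boot sector infector has to change the MBR, comparing the sector against a stored known-good copy is a direct way to detect it. The following is an added example, not part of the original slides: it assumes the classic 512-byte MBR layout (446 bytes of bootstrap code, four 16-byte partition entries, the 0x55AA signature), and the function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446        # bytes 0-445: bootstrap loader
ENTRY_LEN = 16             # four 16-byte partition entries follow
SIGNATURE = b"\x55\xaa"    # bytes 510-511


def parse_mbr(sector):
    """Split a 512-byte MBR into the fields a baseline needs."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        start = BOOT_CODE_LEN + i * ENTRY_LEN
        entry = sector[start:start + ENTRY_LEN]
        # Bytes 8-15 of an entry: starting LBA and sector count, little-endian.
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0:  # partition type 0x00 marks an unused slot
            partitions.append((i, entry[0] == 0x80, entry[4], lba_start, sectors))
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def compare_to_baseline(sector, baseline):
    """Return a list of differences between a sector and a stored baseline."""
    current = parse_mbr(sector)
    findings = []
    if not current["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if current["boot_code_sha256"] != baseline["boot_code_sha256"]:
        findings.append("bootstrap code differs from baseline")
    if current["partitions"] != baseline["partitions"]:
        findings.append("partition table differs from baseline")
    return findings


def make_sample_sector(boot_code=b"CONSTRUCTED-BOOT-CODE"):
    """Constructed sample: one active partition, type 0x83, starting at LBA 2048."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00" * 3, 0x83, b"\x00" * 3,
                        2048, 204800)
    table = entry + b"\x00" * (3 * ENTRY_LEN)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + SIGNATURE


if __name__ == "__main__":
    clean = make_sample_sector()
    baseline = parse_mbr(clean)                 # recorded while known good
    changed = make_sample_sector(b"DIFFERENT-BOOT-CODE")
    print(compare_to_baseline(clean, baseline))
    print(compare_to_baseline(changed, baseline))
```

On a real system the 512 bytes would come from a read-only image of the disk's first sector, and the baseline would be stored off the machine being checked.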
File Infectors
• File viruses infect executable files.
• Historically haven’t been very successful
at spreading.
• Fast infectors – try to infect as many other
files as possible (instant gratification)
• Sparse infectors – only infect a few files at
a time (in order to not be conspicuous)
• Most really successful file infectors are
classified as Worms.
Multipartite Viruses
• Viruses that use more than one infection
mechanism
– File and Boot viruses
• Becoming more popular with virus writers
Macro Viruses
• Infect programming environments rather than
OSes or files.
• Almost any application that has its own macro
programming environment
– MS Office (Word, Excel, Access…)
– Visual Basic
• Application loads a file containing macro and
executes the macro upon loading –or- runs it
based on some application based trigger.
• Melissa was a really successful macro virus
• Usually spread as an e-mail attachment
Script Viruses
• Usually refers to VBScript but could be
any scripting environment, such as Unix shell
scripts, Hypercard scripts, Javascript
• Usually sent as e-mail attachments with
doctored up file name such as:
– Filename.doc.bat to fool user into opening it
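
The doctored file name above is something a mail filter can check for. The following is an added example, not part of the original slides: it flags attachments whose last extension is executable while an earlier one looks like a document. The extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions treated as directly runnable on Windows (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".bat", ".cmd", ".com", ".exe", ".js", ".pif", ".scr",
                   ".vbs", ".wsf"}
# Extensions that make a file name look like a harmless document.
DECOY_EXTS = {".doc", ".docx", ".jpg", ".pdf", ".txt", ".xls", ".xlsx"}


def classify_filename(name):
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Normalise: drop path components, surrounding whitespace, trailing dots, case.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].strip().rstrip(". ").lower()
    exts = ["." + part.strip() for part in base.split(".")[1:]]
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # The final extension decides what runs; an earlier document extension
    # only exists to mislead the reader.
    if any(ext in DECOY_EXTS for ext in exts[:-1]):
        return "double-extension"
    return "executable"


def scan_message(raw_bytes):
    """Return (filename, verdict) for every attachment that is not 'ok'."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        filename = part.get_filename()
        if filename is None:
            continue
        verdict = classify_filename(filename)
        if verdict != "ok":
            flagged.append((filename, verdict))
    return flagged


def build_sample():
    """Constructed sample message with four attachments (contents are dummy bytes)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Quarterly report"
    msg.set_content("See attached.")
    for name in ("Filename.doc.bat", "notes.txt", "setup.exe", "report.final.pdf"):
        msg.add_attachment(b"constructed sample bytes", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, verdict in scan_message(build_sample()):
        print(f"{verdict:17} {filename}")
```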
Memetic Viruses
• These are not computer viruses but rather attempts at social
engineering or getting the user to conform to a certain behavior.
• Virus Hoaxes
• “Good Times” hoax (mid 1990s)
The story is that a virus called Good Times is being carried by
email. Just reading a message with "Good Times" in the subject line
will erase your hard drive, or even destroy your computer's
processor. Needless to say, it's a hoax, but a lot of people believed
it. The original message ended with instructions to "Forward this to
all your friends," and many people did just that. Warnings about
Good Times have been widely distributed on mailing lists, Usenet
newsgroups, and message boards.
The original hoax started in early December, 1994. It sprang up
again in March of 1995. In mid-April, a new version of the hoax that
ment
Worms
• Worms are a subset of viruses
• They differ in the method of attachment;
rather than attaching to a file like a virus a
worm copies itself across the network
without attachment.
• Infects the environment rather than
specific objects
• Morris Worm, WANK, CHRISTMA EXEC
CHRISTMA EXEC
• Christmas Tree EXEC was the first widely disruptive
replicating network program, which paralysed several
international computer networks in December 1987.
• Written by a student at the
Clausthal University of Technology in the REXX scripting
language, it drew a crude Christmas tree - then sent
itself to each entry in the target's email contacts file. In
this way it spread onto the
European Academic Research Network (EARN), the
BITNET, and IBM's world-wide VNET. On all of these
systems it caused massive disruption.
• Its core mechanism was essentially the same as the
ILOVEYOU worm of 2000 - although running on
mainframes rather than PC's, spreading over a different
network, and scripted using REXX rather than VBScript.
Morris Worm
• The Morris worm or Internet worm was one of the first computer worms
distributed via the Internet; it is considered the first worm and was certainly
the first to gain significant mainstream media attention. It also resulted in the
first conviction under the 1986 Computer Fraud and Abuse Act.[1][2] It was
written by a student at Cornell University, Robert Tappan Morris, and
launched on November 2, 1988 from MIT. The worm was released from MIT
to disguise the fact that the worm originally came from Cornell. (Incidentally,
Robert Tappan Morris is now an associate professor at MIT.)
• The Morris worm was not written to cause damage, but to gauge the size of
the Internet. An unintended consequence of the code, however, caused it to
be more damaging: a computer could be infected multiple times and each
additional process would slow the machine down, eventually to the point of
being unusable. The Morris worm worked by exploiting known vulnerabilities
in Unix sendmail, Finger, rsh/rexec and weak passwords. The main body of
the worm could only infect DEC VAX machines running BSD 4, and Sun 3
systems. A portable C "grappling hook" component of the worm was used to
pull over the main body, and the grappling hook could run on other systems,
loading them down and making them peripheral victims.
Slapper Worm
• Linux - 2002
• Exploits a problem in OpenSSL to run a
shell on a remote computer, this was done
in certain versions of the Apache
Webserver that use OpenSSL for https.
• Also had code for DDOS
• Fixes have been issued but it is still
considered “in the wild”
